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What is claimed is: 

1. A method of providing an authentication service, 
comprising: 

relating a user identity to a set of a plurality of 
authentication mechanisms; 

relating a type of transaction with a relying party to 
a level of authentication; and 

authenticating the user identity through at least one 
authentication mechanism in the set of the 
plurality of authentication mechanisms for the 
type of transaction, according to the level of 
authentication. 

2. The method as recited in claim 1, further comprising: 
selecting the at least one authentication mechanism 

depending on the plurality of authentication mechanisms 
related with the user and the level of authentication. 

3. The method as recited in claim 1, further comprising: 
monitoring a series of authentications for the relying 

party to detect fraud. 

4. The method as recited in claim 1, wherein the 
authentication mechanisms in the set of authentication 
mechanisms are part of a distributed system. 

5. The method as recited in claim 3, wherein at least one 
of the authentication mechanisms is mobile. 
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6. A computer- readable medium having computer- executable 
instructions for performing the method as recited in claim 
1. 

7. A method of syndication, comprising: 

offering an authentication service, the authentication 
service being capable of authenticating a user 
identity with a plurality of authentication 
mechanisms, rendering results of the 
authentication to at least one relying party, and 
dynamically making an authorization decision; and 

distributing the authentication service to the at 
least one relying party. 

8. The method as recited in claim 7, wherein the at least 
one relying party integrates the authentication service 
together with other offerings. 

9. The method as recited in claim 7, wherein the dynamic 
authorization decision is based on a requested access 
level, authentication mechanisms used, and an account 
status . 

10. The method as recited in claim 7, further comprising: 
providing secure recovery from potential fraud without 

requiring re-registration of a user. 
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1 11. The method as recited in claim 7 , further comprising: 

2 charging the relying party for each authenticating 

3 event . 

1 12. A computer-readable medium having computer-executable 

2 instructions for performing the method as recited in claim 

3 6. 

1 13. A method of registration, comprising: 

2 authenticating a user; 

3 determining a level of identity confirmation for a 

4 registration; 

5 receiving a new authentication mechanism; 

6 receiving new authentication verification information; 

7 and 

8 storing user identity information, the level of 

9 identity confirmation, and the new authentication 
10 verification information in a database. 

1 14. The method as recited in claim 13, wherein 

2 authenticating the user is done by a registration server. 

1 15. The method as recited in claim 13, wherein 

2 authenticating the user is done by a registration agent. 

1 16. The method as recited in claim 13, wherein 

2 authenticating the user is performed by using an 

3 authentication mechanism stored in the database. 
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1 17. The method as recited in claim 13, further comprising: 

2 receiving from the user, a request for registration. 

1 18. The method as recited in claim 17, wherein receiving 

2 the request for registration is done by an authentication 

3 server. 

1 19. The method as recited in claim 17, wherein receiving 

2 the request for registration is done by an authentication 

3 agent . 

1 20. The method as recited in claim 13, wherein determining 

2 the level of identity confirmation for the registration is 

3 done by a registration server. 

1 21. The method as recited in claim 13, wherein determining 

2 the level of identity confirmation for the registration is 

3 done by a registration agent. 

1 22. The method as recited in claim 13, wherein receiving 

2 new authentication verification information is done by a 

3 registration server. 

1 23. The method as recited in claim 13, further comprising 

2 sending the user identity information, the level of 

3 identity confirmation, and the new authentication 

4 verification information. 
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1 24. The method as recited in claim 23, wherein sending is 

2 done from a registration server to an authentication 

3 server. 

1 25. The method as recited in claim 23, wherein sending the 

2 user identity information, the level of identity 

3 confirmation, and the authentication verification 

4 information is done from a registration agent to a 

5 registration server. 

1 26. The method as recited in claim 23, further comprising 

2 sending pre-existing user information. 

1 27. A method of providing an authentication service, 

2 comprising: 

3 providing a list of supported authentication methods; 

4 receiving requirements for an authentication level 

5 from at least one relying party; 

6 receiving a selection of authentication methods from 

7 at least one user; 

8 receiving identification information for the at least 

9 one user; 

10 producing a portfolio associated with the at least one 

11 user, the portfolio comprising the list of 

12 authentication methods, each authentication 

13 method in the portfolio meeting the selection of 

14 the at least one user, each authentication method 
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in the portfolio supported by an authentication 
system, the list of authentication methods 
meeting the requirements for the authentication 
level from the at least one relying party; and 
relating the identification information to the 
portfolio for the at least one user. 

28. The method as recited in claim 27, wherein receiving 
the selection is a subset of the list of supported 
authentication methods. 

29. The method as recited in claim 27, further comprising: 
storing the portfolio on an authentication server 

capable of providing the authentication service 
to the at least one relying party. 

30. The method as recited in claim 27, further comprising: 
providing a selection of authentication methods to the 

at least one user; 

receiving at least one selected authentication method 

from the at least one user; 
receiving authentication information required to 

perform authentication for each of the at least 

one selected authentication methods; 
wherein the portfolio includes the authentication 

information. 

31. The method as recited in claim 27, further comprising: 
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authenticating, by the authentication system, the at 

least one user to the at least one relying party. 

32. The method as recited in claim 31, wherein 
authenticating the at least one user to the at least one 
relying party comprises: 

providing a challenge to the at least one user; 
accepting a response to the challenge from the at 
least one user; 

examining the response to the challenge to ensure its 
authenticity; 

comparing authentication information received by the 
at least one user to the portfolio associated 
with the at least one user; and 
communicating an authentication result to the at least 
one relying party. 

33. The method as recited in claim 27, wherein the at 
least one relying party is an online pharmacy and the at 
least one user is a doctor. 

34. The method as recited in claim 27, further comprising: 
adding a new authentication method to the portfolio. 

35. The method as recited in claim 34, wherein adding the 
new authentication method to the portfolio comprises: 

authenticating the at least one user using an 

authentication method already in the portfolio; 
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receiving authentication information for the new 

authentication method; and 
storing the new authentication method and its 

authentication information in the portfolio. 

36. The method as recited in claim 27, further comprising: 
receiving notice of a potentially compromised 

authentication method in the portfolio; 
authenticating the at least one user using an 

authentication method already in the portfolio, 

but not using the potentially compromised 

authentication method; and 
revoking the authentication information for the 

potentially compromised authentication method in 

the portfolio associated with the at least one 

user. 

37. The method as recited in claim 27, further comprising: 
monitoring authentication events for the at least one 

user; and 

detecting possible fraud for a suspect authentication 
method. 

38. The method as recited in claim 37, further comprising: 
authenticating the at least one user using an 

authentication method already in the portfolio, 
but not using the suspect authentication method; 
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communicating the possible fraud to the at least one 
user; and 

upon confirmation of fraud, revoking the suspect 
authentication method in the portfolio. 

39. The method as recited in claim 37, further comprising: 
automatically revoking the suspect authentication 

method in the portfolio; 
wherein the possible fraud is potentially serious 
fraud. 

40. A computer- readable medium having computer-executable 
instructions for performing the method as recited in claim 
27. 

41. A method of authentication, comprising: 
requesting, by a user to a relying party, a protected 

service; 

sending, by the relying party, a description of the 
request to an authorization server; 

determining, by the authorization server, a first 
level of assurance; 

sending, by the authorization server to an 
authentication server, the first level of assurance; 

requesting, by an authentication server, 
authentication from the user; 

entering, by the user, authentication information into 
an authentication device; 
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sending, by the authentication device to the 
authentication server, authentication information; 

verifying, by the authentication server, the 
authentication information using authentication 
verification information stored in a portfolio in a 
database that is associated with the user; 

computing, by the authentication server, a second 
level of assurance; 

evaluating whether the second level of assurance is 
high enough; 

sending, by the authentication server to the 
authorization server, a first success message, upon 
determining the second level of assurance is high enough; 

verifying, by the authorization server, information 
from the authentication server; 

verifying, by the authorization server, that the user 
is allowed to perform the protected service; 

sending, by the authorization server to the relying 
party, a second success message, upon verification of the 
information from the authentication server and verification 
that the user is allowed to perform the protected service; 
and 

providing, by the relying party to the user, the 
protected service. 

42. The method as recited in claim 41, further comprising: 

requesting, by the authentication server to the user, 
authentication using at least one additional authentication 
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4 method, upon determining the second level of assurance is 

5 not high enough. 

1 43. The method as recited in claim 42, further comprising: 

2 sending, by the authentication server to the 

3 authorization server, a first failure message and a reduced 

4 level of assurance, upon determining the user is unable to 

5 authenticate using the at least one additional 

6 authentication method; 

7 storing, by the authorization server, the reduced 

8 level of assurance; 

9 sending, by the authorization server to the relying 

10 party, a second failure message; and 

11 providing, by the relying party to the user, a third 

12 failure message. 
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